Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2006-1819
Last Modified 07 Mar 2011 09:34:09
Published 18 Apr 2006 06:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1819

Summary

Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hub_dir parameter, as demonstrated by including access_log. NOTE: in some cases, arbitrary remote file inclusion could be performed under PHP 5 using an SMB share argument such as "\\systemname\sharename".

Vulnerable Systems

Application

  • phpWebSite 0.10.2


References

VUPEN - ADV-2006-1361

BID - 17521

MISC - http://downloads.securityfocus.com/vulnerabilities/exploits/PHPWebSite_fi_poc

XF - phpwebsite-index-hubdir-file-include(25867)

GENTOO - GLSA-200605-04

SECTRACK - 1015942

SECUNIA - 19914

SECUNIA - 19647

MILW0RM - 1673


Last Updated: 27 May 2016 10:42:14